[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled

Stefan Fritsch sf at sfritsch.de
Wed Sep 7 18:16:12 UTC 2011


Note that it is impossible to determine from apache's response alone if
apache is vulnerable or not. The only way to check it is to do a request
with lots of overlapping ranges (like killapache does) and check if the
process size increases a lot or not. On 32bit machines, the original
vulnerability caused an increase by 70-90MB per process/thread. On 64bit
machines, the increase was even larger.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/839569

Title:
  Apache2 is still Range header DoS vulnerable if gzip compression is
  enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/839569/+subscriptions
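
Added example, not part of the original message or of Apache or Ubuntu code: one way to do the process-size comparison described above, by diffing two `ps -C apache2 -o pid=,rss=` snapshots taken before and after the test request. The 50 MiB threshold, the function names and the sample snapshots are assumptions made for illustration.

```python
import subprocess
import time

# Assumed alert threshold in MiB. The message above cites 70-90MB growth per
# process on 32bit for the original vulnerability, so 50 leaves some margin.
THRESHOLD_MIB = 50


def parse_snapshot(text):
    """Parse `ps -o pid=,rss=` output into {pid: rss_kib}."""
    snap = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not all(f.isdigit() for f in fields):
            continue  # skip blank or malformed lines
        snap[int(fields[0])] = int(fields[1])
    return snap


def growth_mib(before, after):
    """Per-process RSS change in MiB for PIDs present in both snapshots."""
    return {pid: (after[pid] - before[pid]) / 1024.0
            for pid in before if pid in after}


def flag_growth(before, after, threshold_mib=THRESHOLD_MIB):
    """Return sorted PIDs whose RSS grew by at least threshold_mib."""
    return sorted(pid for pid, delta in growth_mib(before, after).items()
                  if delta >= threshold_mib)


def sample(process_name="apache2"):
    """Take a live snapshot with procps ps (RSS is reported in KiB)."""
    out = subprocess.run(["ps", "-C", process_name, "-o", "pid=,rss="],
                         capture_output=True, text=True).stdout
    return parse_snapshot(out)


# Constructed sample snapshots (not real measurements); PID 1202 grows 80 MiB.
BEFORE = parse_snapshot(" 1201  9800\n 1202 10240\n 1203  9900\n")
AFTER = parse_snapshot(" 1201  9850\n 1202 92160\n 1204  9700\n")

if __name__ == "__main__":
    before = sample()
    time.sleep(30)  # window in which the check request is made
    after = sample()
    for pid in flag_growth(before, after):
        print(f"pid {pid}: +{growth_mib(before, after)[pid]:.0f} MiB RSS")
```

Processes that exit or start between the two snapshots are ignored, so on a busy server take the snapshots close together.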


